Principal Security Consultant - Red Team Lead in Birmingham

Every year, we deliver a large number of red teaming engagements for a variety of prestigious clients. The typical delivery time frame is in the region of weeks to months. We start with a threat intelligence phase in order to ensure maximum realism and then we move on to a multi scenario attack phase. Finally, we place great emphasis on detection and response. We see the blue team as our customer and so we go on site to conduct an incident response maturity assessment with them at the end of the engagement.

What we are looking for

• The ability to perform under pressure - we have to outfox and outrun the blue team!
• A willingness to occasionally work unsociable working hours - attackers don’t just work 9-5 and sometimes we need to replicate that!
• Strong knowledge of the cyber kill chain and common tactics, techniques and procedures often employed by a variety of threat actors.
• A good understanding of how a typical blue team operates.
• You will be enthusiastic and able to work well within a high performing team as well as perform to a high standard autonomously.
• You will have an in depth understanding of risk.
• The ability to write and deliver high quality reports.
• A thirst for research and being at the cutting edge of the industry.

The role involves

• To be the main focal point for the technical delivery of highly sophisticated attack simulations, while operating under legal standards, regulated frameworks and co-ordinating a minimal risk based approach.
• A Red Team Lead is expected to be able to operate multiple engagements at once, orchestrating and supporting his teams to deliver on agreed objectives.
• The lead will be expected to work in challenging environments and deliver under pressure, while maintaining good working relationships with customers.
• The role focuses on a high level of competence in technical delivery but requires an equally high level of aptitude for consultancy and management, influence and presentation skills.
• A Red Team lead will be required to manage and mentor people while working with and debriefing executive teams, company boards or regulators such as the Bank of England (BoE) and Financial Conduct Authority (FCA).

Role responsibilities

• Plan and execute complex Red and Purple team engagements, Penetration tests and Social Engineering Assessments.
• Take ownership for continued improvement of both the reporting templates and the mentorship of others not achieving high quality reports.
• Deliver both technical and management debriefs, up to executive level.
• Maintain a good working knowledge of Blue team tactics/capabilities, specific to people, processes and technologies.
• Support and delivery Detection and Response (DRA) assessments and reports where necessary.
• Maintain a good working knowledge of threat actors and their Tactics, Techniques and Procedures (TTP's).
• Assist Project Delivery in planning and arranging Red team activities, assigning personnel and managing workloads.
• Co-ordinated delivery of Red Team risk workshops, Threat Intelligence handover and project setup meetings with customers.
• Create robust and coherent test plans, or provide quality assurance of any test plans.
• Support the Global Red Team operation by being able to travel both domestically and internationally, while operating in multiple time zones where necessary.
• Maintain a proficient knowledge of regulatory frameworks, laws and their legal implications, operational security and its impacts on the team.
• Carry out or support technical research that increases LRQA's delivery capability and industry awareness.
• Support the sales team in procurement of red team services:
• Responding to RFP's and other proposals.
• Presales to support the effective communication of the red team service and set appropriate expectations.
• Onsite presentation of red team service to executive level audiences.
• Regular training provided to the sales team to upskill the knowledge of the red team service and current terminology.

Reporting:

• Create high quality and thorough technical and management reports, which are appropriately directed to their intended audience.
• Providing Quality Assurance services, confirming either the relevant technical or management quality, as well as the report being coherent and written to a high standard.
• Coach and mentor Red Team members, providing support to all aspects of the job, technical, procedural and social.
• Maintain and abide by the Red Team methodology and supporting documentation/processes. This includes leading change where deemed necessary, and continuing to improve the service.
• Create tools and procedures to assist in improving process, continuity and business growth.
• To drive internal initiatives through both request and observation, specific to improving the Red Team service or LRQA's commercial presence.
• Strong leadership, managing a team of testers, assigning workload and utilising the different skillsets to achieve objectives.
• Maintain a focus on client objectives and have the ability to manage time and client expectations.
• Help maintain and further develop the LRQA brand reputation across the industry, this could be in the form of training, workshops, conference talks or blogs.

Skills/experience required

Essential

• Demonstrably strong technical, social and presentation skills.
• Demonstrate strong influence, negotiation and relationship management skills.
• Demonstrably strong written and speaking English skills.
• Demonstrate strong analytical/problem solving skills.
• Demonstrate strong ability to lead, teach, present and inspire the wider team.
• Highly proficient with multiple C2 frameworks and capable of modifying or creating tooling to overcome technical challenges.
• Demonstrate strong analytical/problem solving skills.
• Demonstrate strong ability to lead, teach, present and inspire the wider team.
• CREST CCSAM/CCTRM, CCSAS/CCRTS or equivalent level of IT Security related certification/knowledge.
• Ability to work and deliver under pressure in a worldwide organisation.
• Knowledge and experience in scripting or programming languages (e.g. Python, PowerShell, C, C#, Java) in order to develop custom scripts or tools.

Desirable

• Highly proficient with multiple C2 frameworks and capable of modifying or creating tooling to overcome technical challenges.
• Knowledge and experience in development or programming languages (e.g. Python, PowerShell, C, C#, Java) in order to develop custom scripts or tools.
• Knowledge of adversary tactics against Apple (MACOS) heavy environment.
• Hold or have the ability to obtain UK SC and DV level clearances.
• Understanding of global regulatory landscape for technology and cyber risk.
• Conducting threat modelling.
• Experience of defining strategies, methodologies, processes and procedures required to create a successful security strategy.